Lockbits dark web domains chopped, internal data and wallets are leaked through

The dark web domes from LockBit were hacked, which reveals internal data, partner tools and over 60,000 Bitcoin letters of the ransomware group in one big blow.

The Ransomware Group Lockbit has suffered a difficult blow after the dark web domain and the infrastructure were kidnapped and kidnapped by an unknown attacker. The violation of the hidden service bodies of the group disrupted and included a public mocking: “Crime is not. Crime is bad Xoxo from Prague.”

This violation is the latest in a series of setbacks for attract bites, once one of the most productive ransomware-as-a-service operations (RAAS). Less than 15 months after the international law enforcement agencies, including the FBI and the British National Crime Authority, has been dismantled, parts of the group's infrastructure and arrested several members in early 2024.

What distinguishes this incident is that the attacker not only has stored pages, but also leaked internal data that offer a rare look within the company. The published garbage dump contains affiliate communication, internal tooling details and a list of over 60,000 Bitcoin wallet addresses that are supposedly tied to the activities of attract bitbit.

Security analysts believe that the violation may have been carried out by a competing cyber criminal crime group or a hacktivist with insider knowledge. The access level that is necessary to condemn several dark web panels and to extract sensitive data to more than just a hack for fame.

Skiped screenshots that have shared the attacker

In response to this, attracting partners and supporters tried to shift the operations, but the damage is already remarkable. The leak contains operational workflows, sales models and technical weaknesses.

In the past few months, Lockbit has tried to regain the traction by promising updates to his malware and the promising fresh infrastructure after the enforcement measures of 2024. This latest incident not only does these efforts put back, but also reveals weaknesses that could be used again.

Similar astonishment reported on the dark web -loser site from Everest Ransomware

In April 2025, the Everest Ransomware group was affected by an almost identical obligation. An unknown attacker left the same message on his dark website. The incident was first reported by Tammy H, a dark web investigator at Flare.io, a Canadian cybercrime -intelligence company.

For law enforcement agencies and cyber security researchers, however, the latest attraction data can be a gold mine. It can help identifying the victim, the persecution of articles and even the possible exposure of the most important partners. For LockBit, this is just another low point in a declining run that the group once saw behind top -class attacks on companies, hospitals and government systems.